NIST SP 800-172 v2021
Enhanced Security for CUI
Framework data extracted from the Secure Controls Framework (SCF) v2025.4 Set Theory Relationship Mapping (STRM) files, licensed under CC BY-ND 4.0 . Attribution required per license terms.
35 All
3.1 — Access Control (3 requirements)
3.2 — Awareness and Training (2 requirements)
3.4 — Configuration Management (3 requirements)
3.5 — Identification and Authentication (3 requirements)
3.6 — Incident Response (2 requirements)
3.9 — Personnel Security (2 requirements)
3.11 — Risk Assessment (7 requirements)
3.11.1eThreat Intelligence-Informed Risk Assessment
3.11.2eCyber Threat Hunting
3.11.3eAdvanced Automation and Analytics for Risk Prediction
3.11.4eSecurity Solution Documentation and Risk Determination
3.11.5eSecurity Solution Effectiveness Assessment
3.11.6eSupply Chain Risk Monitoring
3.11.7eSupply Chain Risk Management Plan
3.12 — Security Assessment (1 requirements)
3.13 — System and Communications Protection (5 requirements)
3.14 — System and Information Integrity (7 requirements)
3.14.1eSoftware Integrity Verification
3.14.2eContinuous Monitoring for Anomalous Behavior
3.14.3eScope of Enhanced Security Requirements
3.14.4eSystem Refresh from Trusted State
3.14.5eCUI Storage Review and Removal
3.14.6eThreat Indicator-Guided Intrusion Detection
3.14.7eVerification of Security-Critical Components